Conduct: Prevention, Detection and Deterrence of Abuses by Financial Institutions
Monday, Feb 15, 2016

Conduct: Prevention, Detection and Deterrence of Abuses by Financial Institutions


The term “conduct” refers to how providers of financial services to customers and others who participate in the financial markets as issuers, brokers, infra-structure[2] operators and traders conduct their business. In particular, proper conduct as interpreted by national financial sector authorities concerns how financial institutions protect (or at least do not infringe)  the interests of customers, investors and market[3] participants generally in transactional fairness, access to reasonably symmetric information, and maintenance of confidence in  market integrity.  Conduct regimes recognize that the maintenance of trust is important to the retention of business and hence that the interests of business generation and execution should in principle not be misaligned with the interests of customers, investors, and end-users.[4]    Typically conduct regimes include:

  • a regulatory/legislative framework,
  • supervisory and enforcement tools to implement that framework, and
  • a mechanism for redress of customer loss or harm.

This note explains:

  • How different financial sector  authorities define and seek to detect and deter conduct abuses and to mitigate their impact;
  • How supervisory measures to achieve prudential and conduct objectives and related risks differ in emphasis;
  • How different financial sector authorities approach conduct supervision; and
  • Why prudential, conduct and stability issues are linked.

The objective of conduct supervision in markets (which operate in accordance with commercial conventions and explicit rules, including algorithms)  is to promote a fair, transparent, market in which participants of a given class (intermediary/broker, proprietary trader/exchange or other market member, or other professional—e.g., advisor, asset manager, retail or wholesale end-user, counterparty or customer[5]) are treated equivalently.  A fair and transparent marketplace is not just a concern of politicians, national financial sector authorities, and the public, it is important to financial institutions and infrastructures (exchanges and other markets and clearing and settlement structures) as well.  In that market intermediaries and exchange members, like their clients,  are market participants, a level playing field for each participant class with clear rules of play is ultimately relevant to market professionals’ as well as end-users’ ongoing economic success.

This note reflects the growing appreciation among national financial sector authorities and standard setters that as financial markets depend on the continuing confidence and trust of their users, misconduct can affect financial stability. Misconduct by financial and market intermediaries and participants, like financial risk, can result in contagion.  The reputational risk or “loss of trust factor” resulting from misconduct can adversely affect confidence in one or more participants or markets and hence affect

  • stability, liquidity, pricing, and credit availability;
  • development of the financial sector and access to it within an economy; and
  • ultimately, the health of the economy itself.

This note discusses a medley of approaches to conduct supervision, primarily from the perspective of overseeing financial institutions or intermediaries.  This is because, at this juncture, despite substantial agreement on the elements of good conduct in concept and market abuses in particular, there is no settled view on the optimal supervisory approach and the scope and nature of the specific conduct addressed is different for banks, insurance companies, and securities intermediaries and infra-structures.  The existence of compendiums of high level good practices and the relevance of the thinking therein to all financial sector authorities has not yet lead to a  common view across products, sectors, institutions, infrastructures, and jurisdictions as to the optimal approaches and methodologies for identifying, preventing and redressing misconduct.

A principal reason driving differences in approach is that the legal obligations affecting conduct are tailored to specific types of financial institutions and products and the related expectations of their clients/buyers. For example, depositors in commercial banks (whose money is used by the bank for its own loans and investments) expect the return of their deposits in full; insurance policy holders are interested in the fair treatment of their claims and the ability of their insurer over an expected time horizon to honor their insurance contracts; and, investors are concerned that the risks of their investments are fairly described and managed according to  specified investment policies and objectives, but only elect to take the risks of those investments subject to proper disclosure and execution of the investment mandate they have granted[6].  Comparatively speaking, the obligations of insurers, pension funds and securities intermediaries to their customers are more often comprehensively defined by law and regulation than are those of banks.

Nonetheless, despite these differences, this note is relevant to all sectors.  It concludes that the divergence in thinking concerning how best to execute conduct and prudential supervision is narrowing and some ideas about best approaches are converging. For example, in December, 2014 the European Securities Markets Authority (ESMA) indicated that one improvement to conduct supervision practices would be for all jurisdictions and sectors to assign “appropriate relevance” to the risk of mis-conduct as well as prudential risks in risk assessments[7].  An increasing awareness today (2016) that each type of supervision is relevant to the other, and that there is a need for a “culture” of fairness irrespective of the product or offeror of financial services, is resulting in increased interest in how risk-basing can take into account conduct compliance and in designing effective mechanisms to protect customers and the market drawing on experience from every sector.

How Regulators and Supervisors Distinguish “Conduct” From Other Forms of Supervision?

Conduct policies and rules are considered to be separate and distinct from financial soundness or prudential obligations, but complementary.  Financial soundness requirements are directed at the ability of institutions to remain solvent and liquid.  At the same time financial soundness requirements provide a financial incentive for proper conduct by licensed financial institutions—that is, a version of “skin in the game”  or a “barrier to entry” to insufficiently capitalized entities depending on your point of view.   In that financial soundness and prudential requirements support the integrity of financial institutions and markets, as a by-product, their existence protects the interest of customers using the financial institutions subject to such requirements as brokers or custodians.  For example, these requirements mitigate the potential for the default of a customer’s broker or custodian due to  risks (unknown to the customer) to the soundness and continuity of such broker or custodian, including potential financial risks (e.g., excessive exposures) originating from other customers.

Conduct supervision, while similar in concept across sectors, also differs in implementation  by sector and by activity.   Conduct supervision is tailored to;

  • The specific activities conducted and products offered (“functional)[8];
  • The type of financial institution (“institutional”), e.g., bank, building society, broker, fund manager, insurer, pension fund, proprietary trader etc.;
  • Each institution’s respective/target customer/counterparty base (wholesale, public interest institution, retail, underserved community);
  • The definition of the institution’s obligations and how these should be met as a matter of law, regulation, custom, code of conduct or practice, exchange and other market infra-structure rules, and terms and conditions of applicable contracts for services and products; and
  • The means of redress for their infringement.
  • Additionally, activity giving rise to conduct issues must be assessed in branches and other distributive networks, whereas capital (even though considered both at the level of each legal entity in a group and on a consolidated basis) is not capable of being assessed, and need not be assessed, branch-by-branch.

Three primary distinctions among intermediaries also affect how conduct supervision may differ in intensity.  These are:

  • the expected treatment of customer funds and property by the intermediary, including whether the intermediary or a third party serves as custodian of those funds;
  • the extent to which the intermediary can act as both a principal (acting for itself) and as an agent (acting for others) and/or the contractual and legal relationship of the intermediary or market to its customer[9]: and
  • how, and to whom, the intermediary distributes/sells products and services and meets its contractual obligations related to those products and services.

A further source of different approaches is transparency. Cross-sectorally the expected level of transparency with respect to financial products, institutions, and markets differs.  For example, authorities and even customers may know daily what is in a collective investment portfolio regulated and supervised by the securities authorities.  The nature of the assets held by banks, such as loans and investments, may not be known to the depositors of those banks; in some jurisdictions this opacity might also be true of units in hedge funds and participations in bank-organized collective investment trusts.  In the case of derivatives, opacity may be related to the complexity of the products.  As transparency is essential to permit a market participant to make informed decisions, less transparent markets and products may require greater attention by supervisors. 

Some Types of Conduct Abuses

Conduct abuses are by necessity differentiated by sector, by applicable law and regulation and by the activities of licensed intermediaries.  Nonetheless, they can be usefully grouped as follows:

Type of Conduct Abuse



Cold Calling and aggressive practices

Failure to provide disclosure

Misrepresentations; misleading, incomplete information

Discounting disclosure (verbal lulling or over-riding of written or required verbal disclosure)

Sale of products unsuitable for a client’s credit or risk profile

Improper account documentation

Failure to provide, or to timely provide, post sale/post trade disclosure of prices or trade confirmations

Toxic, flawed or unduly complex products

Failure to provide “best execution”


Trading ahead; front-running a customer with a proprietary trade


Manipulation of prices

Insider trading

Unauthorized trading; disregard of investment policies

Disruptive, non-conventional practices as defined by exchange rule or otherwise

Unconscionable fees or mark-ups

Untimely execution

Untimely confirmation



Mis-valuation, or different valuations for the customer and the seller

Unsuitable recommendation for financial/credit circumstances and/or financial objectives of customer

Churning (excessive trading to generate fees)

Unconscionable fees

Inappropriate compensation

Treatment of customer assets

Mishandling (e.g., failure to segregate customer and proprietary assets)


Jurisdictions may  also distinguish between internal misconduct (such as mishandling funds, misallocating trades in managed accounts, mis-valuing products of customers) and external/outward-facing misconduct (such as improper or misleading sales practices.)

Why is “Conduct Supervision” Important?

For conduct supervisors[10], which includes most securities authorities, good conduct is a goal in itself, that is, fair conduct is a goal independent of stability and prudential concerns.  In order for investors to make informed and  appropriate investment choices, sales conduct must be fair and disclosure must not be misleading. In that securities markets are risk-taking markets, the proper disclosure of risk to users is critical to those users making appropriate risk decisions. Indeed, in many jurisdictions, certain transactions are not considered permitted for the less sophisticated, more vulnerable customers, who may be either incapable to judge, or incapable to bear, certain risks. In other jurisdictions, the broker may be required to inform the customer that while it can undertake a transaction, the transaction may be too risky for the customer’s specific circumstance[11].

Conduct oversight programs also might be called “supervision plus.”  Conduct oversight is usually undertaken by using multiple approaches including surveillance, monitoring, off-site and on-site supervisory review, investigation and enforcement activities, and customer redress arrangements. Oversight may even extend to approving certain types of products and contracts[12].  In the case of insurance, the value of the product depends on the relevant contract being properly described and claims under the policy being properly handled, as well as on the financial health of the insurance intermediary. Life insurance companies may also sell investment type products such as annuities, the terms of which in some jurisdictions are themselves considered to be securities subject to disclosure requirements similar to other types of investment products.

This note advocates awareness among prudential authorities (or authorities with prudential responsibilities) of the importance of fostering a culture of fair conduct within and by financial institutions and markets.  Conduct abuses generally result from the drive to enhance institutional or individual gain.  Abuses, such as unauthorized trading, misallocation of trades,   aggressive sales practices (mis-selling), and mishandling of customer funds, may also expose prudential weaknesses.   For example, such abuses may encourage inappropriate risk taking or mask the extent of risks, leading to their misevaluation and possible concomitant financial failures or market disruptions. Publicity about abuses also may engender reputational harm that can adversely impact a particular institution or infect an entire market not to mention the relevant supervisory authority.   This is, a fortiori, the case in jurisdictions where banks are direct or indirect distributors of financial products including corporate debt, equity securities, and insurance.

Who is Accountable for Conduct Supervision; Does this Differ Across Sectors?

In the first instance it is the financial institution itself that is accountable for its own business conduct.  Accountability includes responsibility for the competence and propriety of employees who engage in the distribution of financial products, handle customer funds and accounts, conclude trades, and recommend products and transactions.  Accountability also includes effective managerial oversight and supervision of personnel and accounts, including having in place policies addressing fair treatment and the escalation of, and follow-up on, concerns surfaced and complaints filed.   In some jurisdictions the industry as a group regularly defines and publishes agreed best practices and/or codes of conduct.  In the US both professional and statutory self-regulatory (private regulatory) authorities[13] have asked industry members to undertake self-assessments against such codes and practices and to report on how their policies and procedures address each element[14] (as in “comply or explain” exercises with respect to corporate governance codes.)  The US banking authorities have taken this idea of self-reliant compliance  further by asking major participants to execute so-called voluntary commitment letters to bring business practices into line with industry and authority views on specific best practices and elements of fair conduct—such as for example, the timeliness of confirmations, the bases for recommendations, the contents of product disclosure,  proper incentives related to sales and trading activities, and the avoidance of conflicts[15].

In the securities sector, the International Organization of Securities Commissions (IOSCO) has made the primary accountability of the regulated institution explicit.   Principle 31 of IOSCO’s Objectives and Principles of Securities Regulation[16] reads as follows:

 “Market intermediaries should be required to establish an internal function that delivers compliance with standards for internal organization and operational conduct, with the aim of protecting the interests of clients and their assets and ensuring proper management of risk, through which management of the intermediary accepts primary responsibility for these matters.” [Emphasis added]

That Principle further explains:  The management of a market intermediary should bear primary responsibility for ensuring the maintenance of appropriate standards of conduct and adherence to proper procedures by the whole firm, that is its employees.  Similarly, in the case of regulated exchanges or markets, the IOSCO Principles expect on-going regulatory supervision to include the exchange/market itself having accountability for compliance with fair and equitable rules (Principle 34).  Where the financial system makes use of a “statutory” self-regulatory organization (SRO) as part of the conduct oversight framework to augment authority resources, such SROs must themselves observe standards of fairness and confidentiality and be subject to oversight by the regulator/supervisor when exercising powers and delegated responsibilities (Principle 9).  While the trend is to more direct supervision by the authorities as opposed to SROs and exchanges, this is not intended to relieve regulated/licensed intermediaries, markets and SROs of their compliance responsibilities.

Additionally, in the securities sector, use of enforcement tools and provision for private rights of action[17] are critical adjuncts to examination/review/audit-type supervisory practices. These additional coercive, preventive, and compensatory mechanisms permit both the enforcement/regulatory/supervisory authority and private sector customers and market participants to send messages about specific activities that are improper and to seek compensation for mistreatment of customers and market abuses[18].  Enforcement activities are intended to be proportional to the harm caused and effective and dissuasive deterrents.

Enforcement remedies incentivize financial institutions to address their accountability by among other things adopting policies and procedures reasonably designed to prevent misconduct.  In the conduct area, specific violations are often described in law or regulation or manuals and handbooks.   Even the UK principles-based regime is supported by an 800-page “compliance” manual[19].   Enforcement sanctions or remedies for market misconduct include removal of persons from the business, monetary fines, restitution of customer losses and disgorgement of gains from violative conduct.  Enforcement is such an integral part of securities conduct regimes that in some jurisdictions it enhances the ability to seek redress.  These jurisdictions permit customers to “piggy-back” on determinations of liability for violations obtained by the authority to pursue their own claims for private compensation. Measures to deter misconduct also seek to prevent mal-feasors from forum shopping if barred or sanctioned in one jurisdiction or sector.  For example,  cooperation among domestic and global competent authorities to prevent mal-feasors from seeking sanctuary elsewhere  has from the outset of international standard-setting been first in importance among IOSCO’s international standards—the execution of the IOSCO Multi-lateral Memorandum of Understanding on Information Sharing being effectively a condition of membership.

In the banking sector, taking corrective or enforcement action is also a role of the authority but the relevance of conduct supervision may be subordinated to prudential goals[20] and corrective actions in the prudential area may be viewed more as remedial than punitive.  Perhaps this apparent difference of nuance is in part explained by the fact that securities authorities are considered to be more oriented than prudential authorities to enforcement of supervisory failures of the institutions they oversee than to direct supervision.

The insurance sector approach to conduct is a medley of the securities and the banking approach. The high level objective of fair treatment of insurance customers is the same. In some jurisdictions, if insurers do not handle claims in good faith the legal consequences however can be severe[21].

 From a framework perspective conduct supervision may be implemented in several ways.  It might be integrated within a single supervisory authority, divided among bank and non-bank supervisors, or handled in whole or in part by separate consumer protection agencies.   The balance between the compliance activities expected of firms, the “rules” applicable to all market participants and the extent of the supervisory and enforcement activities undertaken and by which authorities differs across sectors and jurisdictions.

Incentivizing appropriate conduct by intermediaries and market participants (an industry culture of fairness, professional conduct, best practices and compliance as it were) seems critical in every case to the application by competent authorities of risk-based supervision methodologies.  As markets mature, relevant competent authorities rely in the first instance on the controls implemented by firms to address the proper management of risk and the proper conduct of business. Knowing what those controls are in the case of conduct matters, providing guidance on controls and assessing control environments is essential to supervisory practices.  No supervisory authority has the ability to itself oversee every trading desk, custodian, sales rep, and insurance claim 24/7, but each relevant authority can assess where to focus its supervision, enforcement and regulation efforts and resources based on its understanding of a given firm’s control environment for conduct as well as other requirements.  And each authority has its own reputational risk to the extent its oversight system is measured in terms of its failures not its successes in such appraisals.

Implementing a Conduct Regime:  Some Examples of Approaches and Methodologies to Prevent, Detect and Deter Misconduct—a Combination of Regulation, Supervision, Compliance and Enforcement

Legal rules and framework:  Firstly, supervision of conduct requires an enabling legal framework, preferably accompanied by specific conduct duties and obligations (whether principles-based or prescriptive).  Within this framework, ideally the sector-specific authority itself, or in conjunction with others,[22]  would have the power to provide additional interpretations and guidance and to develop binding regulations (or secondary law) subject to appropriate processes to provide additional clarity as to proper conduct as the market and products evolve. Not every authority has such power, but some authorities augment formal powers or compensate for their lack by making use of focus groups, warnings, speeches, moral suasion and “unofficial” guidance to make their views known on emerging conduct issues.

Ongoing processes: Secondly, once a framework is established operational approaches to ongoing supervision and oversight can be best described as a “cradle to grave” process.  This means ongoing supervision methods take into account intermediaries from the point of licensing to the point of withdrawal, termination, resolution, or failure.   Licensing/registration/authorization is key as it identifies to the public and counterparties “qualified” and “known” purveyors of services which are overseen by the competent authorities and in good standing.  Licensing is also an opportunity for the competent supervisory/regulatory authority to assess whether the firm seeking a license has the organizational capacity and proper controls to deliver the proper treatment of customers, and meet other applicable requirements. An assessment of a potential licensee/registrant’s business plan and controls typically is part of the initial licensing process.  While not every jurisdiction performs initial “conduct” on-site visits at the point of licensing to make this assessment,  often, those that do not, perform early so-called “nursery”[23] visits to see how  new entrants are conducting themselves relatively contemporaneously to initial licensing.  Thereafter on-site and other techniques are used.

Operational approaches to supervision:  Thirdly, a variety of approaches to promoting good conduct consistent with the type of financial institutions, customers and the scope and complexity of the market, are pursued by financial supervisors and regulators.  These include various mechanisms to instill an appropriate “fairness” culture and may draw on risk-basing or other supervisory processes to prioritize activities, institutions and products in terms of importance and potential impact to determine the timing, frequency and scope of supervisory review.  For example, financial firms directly handling customer funds and assets typically would be given more attention, and more frequent attention, than those that do not.  Similarly, instances of specific misconduct (manipulation/insider trading) or incidents of potential unfairness, such as so-called  “late trading” of mutual fund shares (a practice whereby large customer institutions take advantage of the ability to sell units after hours at the days net asset value) might be followed by ad hoc/for cause or thematic on-site visits to determine how widespread and problematic to other fund unit-holders the practice was and to form a basis for further guidance on the subject.

Enforcement and redress:  Finally, conduct oversight is usually accompanied by a litany of potential enforcement activities typical of the sector in which the supervised entity operates and whether it is subject to a common law or civil law regime.  These activities can result in banning of licensed firms and or individuals, removing management, requiring restatement or additional disclosure of financial results, transferring accounts to other providers, fines and other penalties and corrective actions.  Enforcement activities may also include so-called “message” cases with published “speaking” orders that explain the reason the sanctioned conduct was unfair or non-compliant with established rules and standards and publication of authority and/or aggregated customer complaints and sanction decisions.  Such public explications of conduct abuses and enforcement actions are seen as a means of demonstrating that the supervisory authority means business about a culture of fairness.  Some jurisdictions consider the publication of an enforcement action to be an additional penalty (to be used only for aggravated violations or recidivists), but public information on types of   malfeasance and mal-feasors is a typical securities tool for reinforcing the accountability of financial institutions and individual market participants. In addition, as stated above, conduct oversight often uses soft-law such as moral suasion, codes of conduct, professional qualifications, warnings, and censures.

Supervision of conduct is by its nature more qualitative and judgmental than is supervision of prudential matters but can complement the results of more quantitative approaches.  Often, for conduct supervision to be effective, cooperation with other authorities within a given jurisdiction may be required.  In that misconduct  can lead to financial losses (overzealous lending, legally voidable transactions), financial disruption (over-leveraged trading, unauthorized trading) and potentially even systemic distress, adequate communication between prudential and conduct departments and/or authorities may be critical to overall effectiveness  Typically conduct supervision programs combine some of the following elements depending of the state of development of the economy, the number of affected firms and markets, the type of customers, and the complexity of products and markets:

  • self-assessments and self-reporting,
  • monitoring,
  • surveillance,
  • on-site and offsite activities,
  • market intelligence activities,
  • trend and data analysis,
  • mystery shopping,
  • complaints handling,
  • whistle blower protections,
  • requirement for internal policies and procedures,
  • continuing legal education,
  • guidance[24] and
  • warning and fraud alert regimes.  

Supervisory Techniques and Tools

Multiple techniques are used both by the authorities and licensed firms to address misconduct and fairness to customers.  In many jurisdictions the approaches to conduct supervision are phased in—in an evolutionary way.  An example of such a step-by-step process for evolution of a conduct regime follows: 

  • Adopting a basic framework giving competent authorities powers relative to conduct supervision of licensed intermediaries and the ability to prevent the conduct of financial services activities by non-licensed individuals or entities
  • Mapping the market (firms, typical customers, markets) and relevant authorities responsible for overseeing the conduct of each financial service, product, institution and infrastructure; identifying needed points of cooperation and information sharing
  • Requiring self-assessments[25] by licensed intermediaries and infrastructures
  • Benchmarking individual firm and infrastructure control environments
  • Developing and adopting, or causing the licensed institutions or their professional associations to develop and adopt codes of conduct or professional rules
  • Obtaining voluntary commitments from licensed institutions to specific matters such as delivery of confirmations
  • Analyzing and responding to complaints and ad hoc on-site reviews
  • Providing guidance based on the foregoing activities and on thematic reviews
  • Conducting periodic on-site reviews and off-site monitoring
  • Enforcing rules, or legislation by corrective or punitive action
  • Issuing more guidance, including periodic guidance, rules, alerts and warnings

Supervisory techniques include risk-basing to determine the periodic review cycle, scope and level of intensity[26] of review.  In the case of securities firms, the nature of the license may itself indicate which are more and less risky firms and what are the likely risks from an internal or external conduct perspective.  For example, some firms may not be licensed for margin trading, or derivatives trading, and some may only engage in customer or proprietary trading.  In some jurisdictions there are so few firms that all could be visited on a fairly abbreviated schedule.

Monitoring of the market, off-site analysis and on-site supervision are the main supervisory practices used for conduct as for prudential supervision, though in different proportions.  For example, within each functional and sectoral category there may be a different level of emphasis on qualitative information.  In the case of securities, monitoring of firms may also involve reference to market surveillance information developed as part of exchange audit trails that are in real time.  Some jurisdictions, for example, have dynamic formulas for determining when prices are aberrations from the mean or a trend and based on these exceptions conduct additional off-site and on-site analysis of potentially affected institutions.

The following chart lists the types of methodologies, tools and activities that can be applied on a “mix and match basis” to conduct supervision.







Fit and Proper---

Governance and Management

Business Plan

Policies and Procedures

Permitted Activities (agent, principal, custodian of customer assets)


Org. chart

Corporate map





Price analysis

Market surveillance

(including follow up)

Mystery shopping

Market intelligence



Complaints (and complaints analysis)

Whistle blowers

Identification of outlier activities

(profits, losses, trading, products)

Gate-Keepers (eg., custodians, special requirements and reports from external auditors)



Product review

Disclosure review

Financial reports

Other required reports


Material change reports

Information from media



Periodic, ad-hoc, limited scope

Horizontal by theme

Vertical across



Random review of currency (timeliness) and completeness of records and






Remuneration policies

Sales activities


Sampling required  documentation

Testing phone calls, emails


Thematic reviews


Corrective action



Criminal referral


Other issues:  One further issue is how to organize the exchange of prudential and conduct information about particular institutions between departments and/or authorities.
A current and pressing subject of conversation among authorities is what information should be shared between separate prudential and conduct authorities and when and whether and how on-site and off-site activities can be coordinated.

A secondary issue on which not much progress has been made is how to develop performance metrics other than pure numbers of on-site visits, off-site reviews and enforcement actions to demonstrate effective conduct supervision (including enforcement) practices.

Conduct and the Retail/Institutional Conundrum

Oftentimes, the objective of conduct supervision is the fair treatment of retail customers/consumers. For example, customer protection has been flagged as an important part of programs to promote financial inclusion.  This connection between fair conduct and expanding access among the underserved community to formal financial services and development of the financial markets has been important to agreement of IOSCO, BCBS and IAIS on essential point of sale disclosures and to the consultation paper released in December on expansion of the Basel Core Principles for Effective Banking Supervision.  However, market abuses potentially affect all market participants and the integrity of the market itself.  Further, the recent global financial crisis demonstrated that even sophisticated participants could be affected adversely by asymmetric information, mis-valuation of products, and the complexity of products offered.  In response, the UK, the EU and the US have over time added requirements that specifically extend to wholesale as well as retail participants.  These  include strengthening (i) overall governance of financial institutions and infrastructures, including boards, audit, and internal audit functions, (ii)  internal and external compliance and risk policies, (iii) guidance on maintaining a proper business culture, (iv) requirements to consider the impact of wholesale conduct on retail customers, and (v) criminalizing market abuses such as manipulation and insider trading.  (See for example, the US Dodd Frank Act; the EU Markets in Financial Instruments Directives (MiFID I,II) and the Market Abuse Regulation (MAR&MAD); and the UK Financial Conduct Authority (FCA) and ESMA websites for more content.)

It is worth being mindful that so-called sophisticated market participants are often acting for non-sophisticated participants. As stated by Sir Adair Turner, then Chairman of the UK Financial Services Authority:

 “An insurance company or pension fund may be itself a large institution, but sitting behind the company or pension fund are retail investors.  Any poor practice which unreasonably shifts income to the industry is at the expense of some end retail customer.  There are no free lunches, and shoddy wholesale practice is not a victimless act, even in those cases where it is not defined as a crime.”[28]

In practice, while collective investments schemes, and insurance companies and pension funds, may be viewed as sophisticated because they have sophisticated, knowledgeable advisors, when problems arise such entities often will be viewed by the media and the general public as the custodians of widows’ and orphans’ funds, and directly or indirectly, the  general publics’ life savings.  As the losses of such entities ultimately are born by their customers, their underlying beneficiaries are often primarily retail clients or investors who did not themselves choose to take the risks to which they were exposed Hence, increasingly market practices, including distributive practices, are being assessed for problematic conduct, even where the counterparty or the customer is an insurance company[29] or a wealth management company that would otherwise be considered a wholesale customer. Attention to these issues on both a wholesale and retail basis makes sense.  In the 7 years after the financial crisis, firms paid 235 billion USD in fines and other forms of redress with respect to conduct related claims.

Lessons from the Financial Crisis—Conduct Matters.

Lack of conduct standards pertaining to certain complex products and types of transactions and counter-parties and poor standards of corporate governance contributed to the recent Great Financial crisis[30].   Both management and boards paid insufficient attention to internal and external conduct and hence failed to prevent excessive and inappropriate risk-taking in a significant number of financial services firms. It is even possible that some turned a blind eye to miss-selling, unsuitable recommendations, and other conduct abuses during the “hey-day” of extreme profits and de-regulation[31].     The failure to prevent misconduct and conflicts of interest led to misleading customers about risks and the inability of customers and even the relevant authorities to understand these risks.  In some cases, anecdotal evidence indicates that knowledge that certain risks were asymmetric caused banks to take  risks they had transferred to customers back onto their books to avoid reputational and business risk related to lack of trust thereby potentially augmenting the impact of the crisis.


Today across all sectors there is an increasing appreciation that ensuring appropriate conduct is both a top down and a bottom up process, subject to the relevant competent authorities and standard setters, in the first instance, disseminating an overall context and tone of support for treating customers fairly.  From the bottom up:   Individual agents, such as employees and third parties who act on  financial institutions’  behalf and who engage in sales, trading, account handling and advisory activities must be made aware of applicable conduct laws and rules and enjoined to respect these.  These personnel must be incentivized by firm policies and procedures and the framework law and regulation to act fairly.  Such policies and procedures for discouraging and sanctioning misconduct would include appropriate organization charts and separation of functions, vetting employees, competence testing, training, supervision by compliance personnel, escalation policies relating to individual infractions, and a range of consequences for misconduct, including firing for recidivism or egregious cases.  From the top down:  senior management and the board and personnel with specific supervisory responsibilities must establish a culture of fair conduct and a means of communicating that throughout a financial institution.  For this reason, I am commending the separate guidance note on governance and culture to supervisors who are implementing enhanced conduct regimes.

In conclusion, in designing conduct regimes competent authorities should consider the following:

  • Seeking to align the business objectives of financial institutions related to maintaining the trust and confidence of their customers with the supervisory objectives of authorities related to treating customers fairly and maintaining sound financial institutions and markets makes sense in all sectors.
  • Though the emphasis and techniques used may differ across sectors, the basic objectives of conduct supervision are the same:  (i) limit problems due to unlicensed, incompetent provision of services; (ii) provide sufficient and non-misleading disclosure to customers entering into financial contracts and making investment decisions; (iii) prevent mishandling or expropriation of customer funds and assets; (iv) avoid,  prevent or manage conflicts of interest; (v) ensure the provision of un-conflicted advice suitable and appropriate to customers’ credit circumstances and financial objectives   (vii) make clear the terms and conditions, and/or applicable rules, relating to contracts and trading relationships including fees,  treatment of complaints and venues for redress; (viii) discourage improper inducements or incentives; (ix)  protect confidentiality and data; (x) operate with appropriate resources; and in general (x) treat customers, counterparties and the markets fairly.
  • Misconduct is a risk that can have prudential and even adverse systemic financial stability effects.
  • The tools and methods of conduct supervision are evolving and should be adjustable and adjusted upon obtaining experience and to respond to changes in the market.  The tools include both legislation and rules and  soft law such as codes of conduct and moral suasion as well as standard supervisory techniques including monitoring, off-site analysis/supervision and on-site supervision, adapted to identifying particular types of misconduct or exceptions that could be indicators of misconduct.  They also include enforcement activities, mechanisms for redress of complaints and various means of “exposing” misconduct, such as use of whistle blowers, complaints “hot lines,” and published warnings and alerts.
  • Supervisory means must take account of the characteristics of the market, infrastructures, financial institutions, participants, and intermediaries to which they apply, and the characteristics of the specific jurisdictions in which conduct occurs.
  • The ability of the authorities to make binding guidance and the flexibility to address implementation of a conduct regime will be useful in ensuring that such authorities and the financial institutions they supervise keep abreast of market developments.
  • It is important for prudential and conduct supervisors to determine what information should be available to each, how to share such information, and what sorts of cooperation are relevant to ensuring the information on misconduct informs prudential determinations and vice versa.


[1] This note was prepared by Andrea M. Corcoran on behalf of Toronto Centre.

The issue of optimal supervisory regimes to identify, prevent or mitigate conduct abuses across sectors, is at an early stage of developmental thinking.  While there is widespread agreement on objectives; myriad methodologies and techniques are evolving to achieve these.  This note reports on the overall issue and offers some suggestions about supervisory practices and trends.  The note, and its author, assume as do the leading commenters that conduct supervision must be aligned with the circumstances of the markets, the specific financial system services and activities of financial institutions and services providers, and the financial sector affected. 

[2] Market infrastructures encompass clearing and settlement systems and central counterparties as well as exchanges and other markets.

[3] Authorized exchanges or other markets, including over-the-counter markets.

[4] This term typically refers to wholesale customers or counterparties.

[5] Different jurisdictions use different terms to define financial services providers and infrastructures and their clients/customers/investors.  Conduct relates to intermediary conduct, that is conduct of a financial institution vis a vis a customer/client or a counterparty/end-user as well as such intermediary’s proprietary conduct of its own trading or other activities that impact the market.  Conduct also encompasses provision of financial services by other professional providers, such as financial advisors, asset managers, trustees of unit trusts and by employees of licensed securities, bank and insurance firms who interface either with customers, their money or other assets, and with the market.  Conduct in the case of securities regulation further relates to the protection of investors who take equity or debt interests in public and in some cases private offerings.

[6] Increasingly, there is a blurring of distinctions between products offered by different sectors.  This particular note does not seek to address the elements of that blurring for the sake of simplicity in outlining the issues.

[7] MIFID—Conduct of Business—Fair, clear, and not misleading information.  A peer review of all European jurisdictions.  December 11, 2014.

[8] In the case of securities regulation, in some jurisdictions’ licenses or authorizations are  function-specific.  One can only engage in the activities permitted by the specific license(s) granted.

[9] For example a customer might have direct or indirect access to the market through a clearing broker.

[10] Jurisdictions may address conduct in different ways depending on the overall institutional structure pertaining to the regulation/supervision/oversight of the jurisdiction’s market.  For example, conduct supervision might be a department within an integrated supervisor.  Consumer protection might also be addressed by a free-standing separate consumer agency.  In some jurisdictions there are multiple authorities with specific conduct mandates, such as those related to prevention of anti-competitive practices.

[11] US CFTC rule 1.55, 17 CFR 1.55.

[12] For example while equity issues or debt issues may be only vetted for the completeness of relevant disclosure, certain types of products such as margin trades,  options and derivatives may require additional disclosures or be prohibited. Where prospectus approvals and exchange listings are separate processes, the listing process may include an element of merit review, such  as requirements as to the period of  profitable operations and expertise of the founding principals..Account opening documents may be required to meet specific requirements and be reviewed.

[13] Financial Investment Regulatory Authority (FINRA); the National Futures Association (NFA)

[14] For example, cyber-integrity, privacy requirements, handling of funds.

[15] See, e.g.,

[16] IOSCOPD359.pdf  (2011, amended 2013)

[17] Actions by which private citizens can sue to enforce provisions of the law.

[18] Free-market economists typically preferred enforcement regimes coupled with strong protections to maintain competitive markets to multiplying regulatory requirements.

[19] Anecdotally, the industry always says that it prefers principles to prescriptive rules; however, the industry, if at risk of an enforcement action, also always wants specificity as to what is permitted and what is not.

[20] See discussion of BCBS Principles below.

[21] For example, in California, the full amount of the policy may be recovered even if the claimed losses are much less.

[22] Some supervisory authorities cannot make binding regulations or must do so through a secondary legislation process involving others.

[23] As if the firm were a growing baby.

[24] A good example of a guidance letter is the most recent annual guidance issued by the Financial Investors Regulatory Authority (FINRA) on January 6, 2016.  The letter is entitled, “Regulatory and Examinations Priorities Letter,” and can be found at

[25] Such assessments can be against questionnaires developed by the industry or the authorities, against existing obligations and internal policies and procedures, against professional codes, or against international standards, for example.

[26] For example, the amount of, and scope of, sampling.

[27] Depending on the jurisdiction, when specific personnel or conduct is identified the process may have to be converted to an investigative process with attendant “due process” protections

[28] Speech by Sir Adair Turner, then Chairman, UK Financial Services Authority, on the occasion of the Annual Public Meeting of the FSA, March 7, 2012; see also, speech of Tracey McDermott, Director Supervision, Investments, Wholesale and Specialists, Financial Conduct Authority, to the British Bankers Association, July 24, 2015.

[29] An insurance company and certain collective investments might have primarily wholesale clients.  However, even these can raise problems if conduct failures affecting such participants can in turn affect the real economy.. 

[30] Lessons from the financial crisis for corporate governance are covered in more detail in Grant Kirkpatrick The Corporate Governance Lessons from the Financial Crisis, OECD, 2009  (, and Laura Ard and Alexander Berg Bank Governance: Lessons from the Financial Crisis,  World Bank Crisis Response Note, March 2010 (

[31] See discussions in multiple fora commenting on the “breath-taking” de-regulation of the Commodity Futures Modernization Act of 2000 in the US.